Wikileaks case puts focus on digital security challenges

July 26, 2010
by Chris Lefkow

The homepage of the WikiLeaks.org website is seen on a computer after leaked classified military documents were posted. The massive release of secret Pentagon documents by Wikileaks highlights the security challenges of the digital age, when gigabytes of stolen data can be shared in one click, analysts said Monday.

The massive release of secret Pentagon documents by Wikileaks highlights the security challenges of the digital age, when gigabytes of stolen data can be shared in one click, analysts said Monday.

"I think about this in relationship to the Pentagon Papers," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS), of the 1971 leak of Pentagon files about the Vietnam War.

"The difference with the Pentagon Papers is that Daniel Ellsberg took a huge sheaf of paper and gave it to a reporter," Lewis told AFP. "Now you can take even more documents and give them to the whole world."

Wikileaks has not identified the source of the classified documents it obtained but suspicion has fallen on Bradley Manning, a US Army intelligence analyst who is currently being held in a military jail in Kuwait.

Manning was arrested in May following the release by Wikileaks of video footage of a US Apache helicopter strike in Iraq in which civilians died and has been charged with delivering defense information to an unauthorized source.

The Pentagon in June said it was probing allegations that Manning supplied classified video and 260,000 secret diplomatic cables to WikiLeaks.

Lewis said the Pentagon, like any organization, is going to have "bad actors" -- insiders who turn against their employer -- "but now it's a lot easier for them to do things like this."

A former Pentagon official said the digital communications revolution, while bringing huge benefits to society overall, also raised security concerns.

"The proliferation of digital media and social software is certainly going to increase the risks of things like this happening," said the official, who declined to be identified because he still plays an active role in national security policy issues.

"Security is always going to be a balance between convenience and security," the former official told AFP. "It's always a tradeoff between functionality and security and the pendulum has swung way to the functionality side."

He cited a controversial Pentagon ban last year on the use of thumb drives by military personnel. "They've now reallowed them but with special thumb drives that are encrypted and tamper proof," he said.

"You've got to rethink how you secure information," said Lewis, who heads the technology and public policy program at the Washington-based CSIS think tank.

"In the paper world, I got a document that had top secret stamped on it and the government trusted that I wouldn't take that piece of paper and share it. Maybe in the paper world that was OK but it's not for the digital," he said.

In the Internet era "we share information by using technology so that everyone can access databases and see documents and they're all stored somewhere," Lewis said.

"But the way we control that access is based on an older model, it's pretty much personal trust," the cybersecurity expert said. "The Pentagon trusts its employees, which is good, but it's not enough."

Lewis said a "more mature system would have said 'Why is somebody downloading thousands of documents?'" and sent out red flags.

"We don't know how it worked in the Wikileaks case, but a big oil company I know, if you were downloading massive amounts of stuff they would turn off your machine," he said. "You ask 'Why is someone storing all this?'"

Don Jackson of SecureWorks said military security clearances, access and "need-to-know" requirements are "based on the analog world, where the worst you had to worry about was information like this being published in a newspaper.

"Something like Wikileaks is not something you had to worry about before the Internet," said Jackson, a security researcher with the counter-threat unit at the information security firm.

"The newspaper can't publish 90,000 documents but Wikileaks can do it in a matter of seconds," he said.

The former Pentagon official said he "deplored" the release of classified information about Afghanistan and Pakistan but said he hoped it would not result in a rollback of the military's tentative embrace of social media.

"It should not be used as justification to try to discourage people from understanding new media and finding out how to use it more effectively," the former official said.

On the theory that a driver who knows when a red light will turn green is more relaxed and aware, vehicle manufacturer Audi is unveiling this week in Las Vegas a technology that enables vehicles to "read" traffic signals ...